---
title: "Policy: External Data Sharing"
slug: "policy-external-data-sharing"
updated: 2026-02-02T16:09:09Z
published: 2026-02-02T16:09:09Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.rainforest-alliance.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Policy: External Data Sharing

![](https://cdn.document360.io/929f3fed-0f9d-454a-80e4-d7496bf45e88/Images/Documentation/indicator-guidance-image-g96v93xw.png)

| Title: | Rainforest Alliance Policy: External Data Sharing Policy |
| --- | --- |
| Code: | A-53-SRCL-B-AL |
| Version: | 1.0 |
| Applies to: | All individuals and entities involved in the external sharing of Rainforest Alliance data. |
| Enforceability: | Binding Content |
| Effective by: | 2nd May 2026 |
| Published on: | 2nd February 2026 |
| Linked to: | [Rainforest Alliance Terms and Conditions](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-terms-and-conditions-1) [A-27-SRCL-B-CH EUDR Data Sharing Policy](https://knowledge.rainforest-alliance.org/docs/eudr-data-sharing-policy?highlight=data%20sharing%20policy) [A-1-S-B-FA Rainforest Alliance Sustainable Agriculture Standard - Farm Requirements](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-sustainable-agriculture-standard-farm-requirements) [A-33-R-B-FA Rainforest Alliance Regenerative Agriculture Standard,](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-regenerative-agriculture-standard-farm-requirements-v10) [Farm Requirements](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-regenerative-agriculture-standard-farm-requirements-v10) [A-35-SRCL-B-SC Rainforest Alliance Supply Chain Requirements](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-supply-chain-requirements-v15) |

## 1. Purpose

This policy explains how Rainforest Alliance shares data with partners, buyers, researchers, and the public.

It ensures that all data sharing is responsible, transparent, and aligned with legal requirements, including the [Rainforest Alliance Terms and Conditions](https://knowledge.rainforest-alliance.org/docs/rainforest-alliance-terms-and-conditions-1?highlight=Rainforest%20Alliance%20Terms%20%26%20Conditions) (T&Cs), Certification Binding Documents, and data protection laws, such as General Data Protection Regulation (GDPR).

Our goal is to use data to promote sustainability and transparency, while protecting the rights and confidentiality of farmers, organizations, and communities.

## 2. Scope

This policy applies to:

- All external sharing of data collected or managed by Rainforest Alliance through its **certification program**, **traceability systems**, and **online platforms**.
- All **Certificate Holders**, **farmers**, **supply chain actors**, **buyers**, and **research partners** who request or receive data from Rainforest Alliance.

It does **not** apply to internal data use within Rainforest Alliance.

## 3. Key Definitions

| **Term** | **Meaning** |
| --- | --- |
| **Supply Chain Data** | Data provided by organizations through certification, including traceability, transaction, and performance information. |
| **Personal Information** | Any information that identifies a person (such as names, contact details, GPS coordinates). |
| **Aggregated and Anonymized Data** | Data that is provided in such a way that personal information and confidential information cannot be identified, directly or indirectly, and cannot reasonably be re-identified (we rely on a minimum of three data points for anonymization purposes). |

## **4. Guiding Principles**

1. **Transparency** Rainforest Alliance shares information to build trust and understanding about certification and sustainability efforts.
2. **Confidentiality and Fairness** Rainforest Alliance protects confidential information and only shares data in ways that are fair, secure, and consistent with the Rainforest Alliance T&Cs.
3. **Consent and Legal Basis** Personal information is only shared when there is a valid legal basis—such as consent, performance of a contract, or legitimate interests—and in accordance with applicable laws.
4. **Anonymization** Whenever possible, data shared externally is aggregated or anonymized to protect individual organizations or farms.
5. **Responsible Use**

Rainforest Alliance and its partners use data only for legitimate purposes such as sustainability improvement, research, compliance verification, and transparency.

## **5. What Data we May Share**

### **5.1 Public Information**

Rainforest Alliance may publicly share:

- Certificate holder names, locations, and Rainforest Alliance identification codes
- Crop type, certified area size, certification status, and confirmed nonconformities
- Lists of companies or products using Rainforest Alliance seals
- Aggregated or anonymized data analyses for impact reporting, research, and market transparency

This data is **not confidential** under the T&Cs.

### **5.2 Supply** **Chain Data**

- Rainforest Alliance may share **supply chain data** within a specific supply chain (e.g., with registered buyers that are current on all applicable royalties, fees, and other required payments or actors directly linked to the same certified product flow).
- Such data is considered **confidential** and shared **only as p****ermitted** under the Certification Binding Documents.
- Rainforest Alliance may also share **volume information** with registered buyers to help facilitate the sale of certified products.

### **5.3 Data Shared with Researchers or Third Parties**

- Rainforest Alliance may share **anonymized or aggregated data** (based on a minimum of three data points) with Rainforest Alliance-approved **researchers** or **partners** to evaluate program effectiveness or conduct sustainability studies.
- If shared data includes Personal Information, Rainforest Alliance will only share it under a**Non-Disclosure Agreement (NDA), or Data Use Agreement (DUA)**.
- Disaggregated anonymized data (i.e., without identifiable personal or company details) may also be shared with researchers under an NDA.

### **5.4 Data Shared with Auditors and Certification Bodies**

- Rainforest Alliance shares information such as contact details, audit reports, traceability data, and other relevant certification information with **accredited auditors and certification bodies**.

## **6. What we Will Not Share**

Rainforest Alliance will not share:

- **Personal information** (e.g., phone numbers, emails, GPS) without consent or a legal basis.
- **Confidential Supply Chain Data** outside the certified supply chain unless authorized by the data subject.
- **Any data** that could harm the privacy, safety, or reputation of individuals or organizations or lead to reasonably foreseeable competitive organizational advantages.

## **7. Possible External Data Request Scenarios**

| **Request Type** | **Rainforest Alliance Action** |
| --- | --- |
| ***Requests via Account Managers –*** Stakeholders may request additional information when engaging with Rainforest Alliance teams during collaboration or service delivery. | These requests are reviewed according to Rainforest Alliance data sharing procedures and applicable guidelines. |
| ***Requests Triggered by Public Dashboards or Reports –*** External users may see high-level or aggregated information in Rainforest Alliance dashboards (e.g., Power BI) and request deeper insights. | Rainforest Alliance will assess whether further data can be shared based on confidentiality, anonymization, and legal requirements. |
| ***Requests Related to Ethical or Compliance Concerns –*** External parties may request information to verify adherence to Rainforest Alliance ethical, environmental, or human rights safeguards. | Rainforest Alliance will provide appropriately scoped information without disclosing personal or confidential supply chain data. |

All requests are evaluated on a case-by-case basis and addressed through Rainforest Alliance’s established procedures to ensure responsible, legal, and ethical data sharing.

## **8. Data Use Safeguards**

To protect data contributors:

- All external data sharing follows **data protection laws** and Rainforest Alliance**security protocols** (in all material respects).
- Partners receiving data must agree to **keep it confidential** and **use it only for approved purposes**.
- When applicable, Rainforest Alliance **anonymizes and/or aggregates sensitive data** before sharing externally.
- Misuse of shared data may lead to **access suspension, legal action, or termination of agreements**.

## **9. Rights and Responsibilities**

***Certificate Holders and Organizations:***

Have the right to:

- Request clarification on how data is used or shared.
- Withdraw consent (where applicable).

Are responsible for:

- Ensuring own compliance with data protection laws when submitting personal information to Rainforest Alliance.
- Providing accurate data through the certification process.

## **10. Contact and Governance**

The Rainforest Alliance Data Management and Legal Teams oversee this policy.

Questions or concerns can be sent to: [**datamanagement@ra.org**](mailto:datamanagement@ra.org)

## **11. Review and Updates**

This policy is reviewed annually to remain consistent with:

- Rainforest Alliance Terms & Conditions
- Certification Binding Documents
- Applicable data protection regulations
- Rainforest Alliance Privacy Policy